A computer implemented method includes identifying a universal resource locator and characterizing a traffic pattern associated with the universal resource locator. The traffic pattern can include referrer information, referring information, advertising network relationship information, and any combination thereof. The method can further include classifying the universal resource locator into a risk category based on the traffic pattern.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer implemented method comprising: identifying a destination universal resource locator; identifying a referring universal resource locator that referred the destination universal resource locator; characterizing, by utilizing a processor that executes instructions stored in memory, a traffic pattern associated with the destination universal resource locator as indicative of malicious content, wherein the traffic pattern is characterized based on information about the referring universal resource locator; classifying the destination universal resource locator into a risk category based on characterizing the traffic pattern; prioritizing a plurality of destination universal resource locators for malicious content analysis based on classifying each destination universal resource locator into a risk category; and determining if content associated with an analyzed destination universal resource locator is malicious; wherein the information about the referring universal resource locator comprises popularity information of the referrin universal resource locator and; wherein the popularity information of the referring universal resource locator includes an indication that the referring universal resource locator is indexed by a search engine.
The system identifies a destination website (URL) and the website (URL) that referred traffic to it. It then analyzes the traffic pattern to the destination URL, focusing on characteristics of the referring URL, to determine if the destination URL hosts malicious content. The traffic pattern analysis uses the referring URL's popularity, specifically whether it's indexed by a search engine, as a factor. Based on the traffic pattern, the system classifies the destination URL into a risk category. Multiple destination URLs are then prioritized for malicious content analysis based on their assigned risk categories. Finally, the system analyzes the content of high-priority destination URLs to identify actual malicious content.
2. The computer implemented method of claim 1 , wherein the classifying the destination universal resource locator into a risk category is based on multiple aspects of the traffic pattern.
The computer-implemented method from the previous description, which identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, prioritizes them for analysis, and determines if the content is malicious, performs the risk classification based on multiple aspects of the traffic pattern, not just a single factor.
3. The computer implemented method of claim 1 , further comprising analyzing content associated with the destination universal resource locator to determine if the content is malicious.
The computer-implemented method from the initial description, which identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, and prioritizes them for analysis, also includes analyzing the content of the destination URL to explicitly check for malicious code or indicators.
4. The computer implemented method of claim 1 , further comprising blocking the destination universal resource locator based on a determination that the content associated with the destination universal resource locator is malicious.
The computer-implemented method from the initial description, which identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, and prioritizes them for analysis, further includes blocking access to the destination URL if its content is determined to be malicious.
5. A system comprising: a memory that stores instructions; a processor that executes the instructions to perform operations comprising: obtaining click stream information for a plurality of user systems; identifying a destination universal resource locator accessed by a user system of the plurality of user systems; identifying a referring universal resource locator that referred the destination universal resource locator; characterizing a traffic pattern associated with the destination universal resource locator as indicative of malicious content based on the click stream information, wherein the traffic pattern is characterized based on information about the referring universal resource locator; classifying the destination universal resource locator into a risk category based on characterizing the traffic pattern; prioritizing a plurality of destination universal resource locators for malicious content analysis based on classifying each destination universal resource locator into a risk category; and determining if content associated with an analyzed destination universal resource locator is malicious; wherein the information about the referring universal resource locator comprises popularity information of the referring universal resource locator and; wherein the popularity information of the referring universal resource locator includes an indication that the referring universal resource locator is indexed by a search engine.
The system collects website visit data (clickstream information) from multiple users. When a user accesses a website (destination URL), the system identifies the referring website (URL) that led them there. Based on the clickstream data, the system characterizes the traffic pattern to the destination URL, specifically focusing on information about the referring URL to determine if the destination URL is likely to be malicious. The analysis considers the referring URL's popularity, specifically if it's indexed by a search engine. The system then classifies the destination URL into a risk category. Multiple destination URLs are prioritized for malicious content analysis based on their risk classification. Finally, the system analyzes the content of high-priority destination URLs to identify actual malicious content.
6. The system of claim 5 , wherein the classifying the destination universal resource locator into a risk category is based on multiple aspects of the traffic pattern.
The system from the previous description, which collects clickstream data, identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, prioritizes them for analysis, and determines if content is malicious, classifies the destination URL into a risk category based on multiple aspects of the traffic pattern.
7. The system of claim 5 , wherein the operations further comprise analyzing content associated with the destination universal resource locator to determine if the content is malicious.
The system from the previous description, which collects clickstream data, identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, and prioritizes them for analysis, additionally analyzes the content of the destination URL to determine if it's actually malicious.
8. The system of claim 5 , wherein the operations further comprise blocking the destination universal resource locator based on a determination that the content associated with the destination universal resource locator is malicious.
The system from the previous description, which collects clickstream data, identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, and prioritizes them for analysis, also includes blocking access to the destination URL if its content is determined to be malicious.
9. A machine readable storage device comprising computer instructions, which, when executed by a processor, cause the processor to perform operations comprising: obtaining click stream information for a plurality of user systems; identifying a destination universal resource locator accessed by at a user system of the plurality of user systems; identifying a referring universal resource locator that referred the destination universal resource locator; characterizing a traffic pattern associated with the destination universal resource locator as indicative of malicious content based on the click stream information, wherein the traffic pattern is characterized based on information about the referring universal resource locator; classifying the destination universal resource locator into a risk category based on characterizing the traffic pattern; prioritizing a plurality of destination universal resource locators for malicious content analysis based on classifying each destination universal resource locator into a risk category; and determining if content associated with an analyzed destination universal resource locator is malicious; wherein the information about the referring universal resource locator comprises popularity information of the referring universal resource locator and; wherein the popularity information of the referring universal resource locator includes an indication that the referring universal resource locator is indexed by a search engine.
A storage medium contains instructions that, when executed, cause a computer to collect website visit data (clickstream information) from multiple users. When a user accesses a website (destination URL), the system identifies the referring website (URL) that led them there. Based on the clickstream data, the system characterizes the traffic pattern to the destination URL, specifically focusing on information about the referring URL to determine if the destination URL is likely to be malicious. The analysis considers the referring URL's popularity, specifically if it's indexed by a search engine. The system then classifies the destination URL into a risk category. Multiple destination URLs are prioritized for malicious content analysis based on their risk classification. Finally, the system analyzes the content of high-priority destination URLs to identify actual malicious content.
10. The machine readable storage device of claim 9 , wherein the classifying the destination universal resource locator into a risk category is based on multiple aspects of the traffic pattern.
The machine-readable storage device from the previous description, which collects clickstream data, identifies destination and referring URLs, analyzes traffic patterns based on referring URL information (including search engine indexing), classifies destination URLs into risk categories, prioritizes them for analysis, and determines if content is malicious, performs the risk classification based on multiple aspects of the traffic pattern.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
September 8, 2010
July 9, 2013
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.